vertx-auth
Expose the ability to validate access and ID tokens without making a call to the server
Up to Vert.x 3.9.9 we were able to use the AccessToken object to pass in the JSON fields expires_in, access_token and id_token and have them validated by the library using the following code; "responseString" contains the JSON string with these fields.
```java
new OAuth2TokenImpl(oauthProvider, new JsonObject(responseString))
```
When I upgraded to Vert.x 4.2.1, I noticed that only access_token is available in user.attributes() when I use this code to replace the above:
```java
oauthProvider.authenticate(new UserImpl(new JsonObject(responseString)).principal())
  .onSuccess(user -> {
    user.attributes(); // only has accessToken
  });
```
We implement a token exchange (on-behalf-of) flow where access_token and id_token are given to us by the third party, and we validate them and issue our own access_token. For this we need the ability to validate id_token.
I see a private method that already implements token validation in OAuth2AuthProviderImpl.java. If a public wrapper method is added to OAuth2Auth, that will serve this use case.
```java
private User createUser(JsonObject json, boolean skipMissingKeyNotify) {
  // validations happen here for all tokens and User is created with accessToken and idToken attributes
  // ..
}
```
E.g.
```java
public User createUser(JsonObject tokenResult) {
  // tokenResult holds the JSON object representing the token result
  return createUser(tokenResult, false);
}
```
In addition, in 3.9.9 we were also able to skip the "aud" check in id_token for the token exchange flow. It would be good to add a toggle for that too in the Options.
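The following is an added, stand-alone illustration of the local validation this issue asks the library to expose; it is example code written here, not vertx-auth code, and it does not use the Vert.x API. It takes the token-result JSON (access_token, id_token, expires_in), verifies both JWTs offline (signature, pinned algorithm, exp/nbf, iss, aud) and returns a user whose attributes carry both the accessToken and idToken claims, with a toggle to skip the id_token audience check for the on-behalf-of flow. Assumptions: tokens are HS256-signed with a constructed shared secret standing in for the provider's signing keys, and the names `create_user`, `skip_id_token_aud_check`, `KEY`, `ISSUER`, `NOW` and `sample_token_result` are hypothetical, modelled on the issue's createUser and the requested option.

```python
"""Offline validation of an OAuth2/OIDC token-result JSON (access_token, id_token, expires_in).

Constructed example, not vertx-auth code. Tokens are signed with HS256 and a shared secret so the
example runs stand-alone; a real validator would verify against the provider's published keys.
"""
import base64
import hashlib
import hmac
import json
import time


class TokenError(Exception):
    """Raised when a token fails any local check."""


def _b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint a constructed HS256 JWT; used only to fabricate sample tokens for this example."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_jwt(token: str, key: bytes, *, issuer=None, audience=None,
               skip_aud_check=False, now=None) -> dict:
    """Check signature, alg, exp/nbf, iss and (unless skipped) aud; return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed JWT")
    header = json.loads(_b64url_decode(parts[0]))
    # Pin the algorithm: never let the token choose it (rejects alg=none and key-confusion tricks).
    if header.get("alg") != "HS256":
        raise TokenError(f"unsupported alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise TokenError("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise TokenError("token not yet valid")
    if issuer is not None and claims.get("iss") != issuer:
        raise TokenError("issuer mismatch")
    if audience is not None and not skip_aud_check:
        aud = claims.get("aud")
        if audience not in (aud if isinstance(aud, list) else [aud]):
            raise TokenError("audience mismatch")
    return claims


def create_user(token_result: dict, key: bytes, *, client_id: str, issuer: str,
                skip_id_token_aud_check=False, now=None) -> dict:
    """Hypothetical counterpart of the wrapper requested in the issue: validate both tokens
    locally and return a user whose attributes carry the accessToken and idToken claims."""
    if "access_token" not in token_result:
        raise TokenError("access_token missing from token result")
    attributes = {"accessToken": verify_jwt(token_result["access_token"], key, issuer=issuer, now=now)}
    if "id_token" in token_result:
        # An ID token is addressed to a client_id; in a token-exchange flow it is the third
        # party's client_id, not ours, which is why the issue asks for a toggle to skip this check.
        attributes["idToken"] = verify_jwt(token_result["id_token"], key, issuer=issuer,
                                           audience=client_id,
                                           skip_aud_check=skip_id_token_aud_check, now=now)
    return {"principal": dict(token_result), "attributes": attributes}


# --- constructed sample data (hypothetical values) -----------------------------------------
KEY = b"constructed-shared-secret"   # stands in for the provider's signing key
ISSUER = "https://idp.example"       # constructed issuer
NOW = 1_700_000_000                  # fixed clock so the example is deterministic


def sample_token_result(id_token_aud: str = "third-party-client") -> dict:
    """Fabricate the JSON a third party would hand us in the on-behalf-of flow."""
    access = sign_hs256({"iss": ISSUER, "sub": "alice", "scope": "openid", "exp": NOW + 3600}, KEY)
    id_tok = sign_hs256({"iss": ISSUER, "sub": "alice", "aud": id_token_aud, "exp": NOW + 3600}, KEY)
    return {"access_token": access, "id_token": id_tok, "expires_in": 3600, "token_type": "Bearer"}


if __name__ == "__main__":
    result = sample_token_result()
    try:
        create_user(result, KEY, client_id="our-client", issuer=ISSUER, now=NOW)
    except TokenError as e:
        print("strict:", e)  # the id_token was issued to the third party, so aud does not match
    user = create_user(result, KEY, client_id="our-client", issuer=ISSUER,
                       skip_id_token_aud_check=True, now=NOW)
    print("exchange:", sorted(user["attributes"]))
```

With the toggle off, an id_token whose aud is the third party's client_id is rejected, which is the behaviour a normal login flow wants; with `skip_id_token_aud_check=True` the same token-result JSON validates and both claim sets land in the user's attributes, which is what the exchange flow in the issue needs before minting its own access_token.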